There are a ton of ICMP message types; the block is likely preventing you
from getting some errors. A former coworker had a good idea that went like
this, in this order:

1. Permit all ICMP from trusted monitoring hosts
2. Deny ICMP echo/echo-request from all
3. Permit ICMP from all

It's a middle-of-the-road approach, and some folks will tell you it's too
open. But I happen to believe that receiving and processing ICMP errors is
better than putting them in the bit bucket.

Brian
----- Original Message -----
From: "ramesh c"
To:
Sent: Wednesday, January 08, 2003 5:32 AM
Subject: icmp messages [7:60602]
> I got access list as follows on my router
>
> access-list 100 permit icmp host any host xyz ttl-exceed
> access-list 100 deny icmp any any
>
> When I do a traceroute from host xyz, I get reply only from some hosts. The
> hit counts on deny icmp increase. The access-group is applied to the "in"
>
>
> Am I missing any other ICMP messages? Is there a way to allow all ICMP
> messages for the host?
>
> Cheers
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=60616&t=60602
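
An added example, not part of either message: a small Python model of first-match ACL evaluation that runs constructed ICMP packets through the two-line list from the question and through the three-rule ordering from the reply. The addresses (RFC 5737 documentation ranges), the monitoring host, reading "host any" as any source, and reading "echo/echo-request" as ICMP type 8 are assumptions.

```python
import ipaddress

# ICMP type numbers (IANA): 0 echo reply, 3 destination unreachable,
# 8 echo request, 11 time exceeded.
ECHO_REPLY, UNREACHABLE, ECHO_REQUEST, TIME_EXCEEDED = 0, 3, 8, 11

# Constructed addresses from the RFC 5737 documentation ranges (assumptions).
XYZ = "192.0.2.50"         # stands in for "host xyz" in the question
MONITOR = "198.51.100.10"  # hypothetical trusted monitoring host
ANY = "0.0.0.0/0"

# Each rule: (action, source network, destination network, ICMP types or None for all)
ORIGINAL_ACL = [
    ("permit", ANY, XYZ + "/32", {TIME_EXCEEDED}),  # source assumed to be "any"
    ("deny", ANY, ANY, None),
]
SUGGESTED_ACL = [
    ("permit", MONITOR + "/32", ANY, None),  # 1. trusted monitoring host
    ("deny", ANY, ANY, {ECHO_REQUEST}),      # 2. echo request from everyone else
    ("permit", ANY, ANY, None),              # 3. all remaining ICMP
]

def evaluate(acl, src, dst, icmp_type):
    """Return the action of the first matching rule; implicit deny at the end."""
    for action, src_net, dst_net, types in acl:
        if (ipaddress.ip_address(src) in ipaddress.ip_network(src_net)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(dst_net)
                and (types is None or icmp_type in types)):
            return action
    return "deny"

# Constructed inbound packets: (description, source, destination, ICMP type)
PACKETS = [
    ("time exceeded from a transit hop", "203.0.113.1", XYZ, TIME_EXCEEDED),
    ("unreachable from the traced target", "203.0.113.99", XYZ, UNREACHABLE),
    ("echo reply to a ping sent by xyz", "203.0.113.99", XYZ, ECHO_REPLY),
    ("echo request from an outside host", "203.0.113.7", XYZ, ECHO_REQUEST),
    ("echo request from the monitor", MONITOR, XYZ, ECHO_REQUEST),
]

def compare():
    """Map each packet description to (original verdict, suggested verdict)."""
    return {desc: (evaluate(ORIGINAL_ACL, s, d, t), evaluate(SUGGESTED_ACL, s, d, t))
            for desc, s, d, t in PACKETS}

if __name__ == "__main__":
    for desc, (old, new) in compare().items():
        print(f"{desc:38} original={old:6} suggested={new}")
```

In this model the unreachable and echo-reply rows are the messages the original list drops and the three-rule ordering lets through, while unsolicited echo requests from outside stay blocked in both.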